How to store last 6 passords

I have to write some code .NET, where the user must NOT use password that matches the last 6 password they have used. Can someone please tell me how I would so that i.e. down to SQL level as well as C# level

You just need to store hashes (use salted hashes) of the last 6 passwords in your database. Then for a new password, compare the new password hash with the old hashes.

I would have a table with some "USER ID" and "SALTED HASH" columns. Then get the last X (=6) hashes for the user id to compare. In case of no match, remove the X+1 entry from botton up from the table (if it exists) and add the new salted hash to the table.

You could also have X columns of old hashes, how you organize that is really up to you, I would prefer my suggestion over X columns because then it is easy to have X configurable.

Michael74, this method you propose is *not* good. It implies on the key being stored on the server, and if an attacker can get to the stored password it probably can get the key too, so is just like using a lock on your door but keeping the key under the carpet.

Thats why using hashed salted passwords is the best and standard way to store passwords, since you do not need to decrypt them anyway, just check if it is correct, and you can do that on the hashed form.

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…

Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen.
Visualize your data! ... really see it
To use the code to create a calendar from a q…